Anti-skimming card reader computing device

ABSTRACT

A computing device that includes a card reader component including a card reader, a plurality of micro cameras positioned proximate to the card reader, a battery detector circuit, and processing circuitry in communication with the card reader component, the plurality of micro cameras, and the battery detector circuit is described. The processing circuitry is configured to analyze one or more images captured by the plurality of micro cameras, determine that one or more of the images captured by the plurality of micro cameras is obscured, in response to the determination that the one or more of the images of the plurality of micro cameras is obscured, initiate the battery detector circuit, and in response to the battery detector circuit detecting a presence of an external battery near the card reader, determine that a skimming device is affixed over the card reader component.

TECHNICAL FIELD

The disclosure relates to automatic teller machines and other computingdevices having card readers.

BACKGROUND

Computing devices including card readers allow a user to performfinancial transactions themselves without the need for an in-personcashier or bank teller. In some examples, the computing devicesincluding card readers may be “pay at the pump” gasoline terminals atgas stations or “self-checkout” terminals in grocery or retail stores.In other examples, the computing devices including card readers may beautomatic teller machines (ATMs) associated with financial institutions.In order to utilize such computing devices, a user may insert a creditor debit card that contains identifying information. The identifyinginformation may include the user's name, account number, or the like.The identifying information may be contained in a magnetic stripe of thecard that is read by the card reader on the computing device uponinsertion of the card. The user may also enter a personal identificationnumber (PIN) in order to further verify their identify for thetransaction.

As electronic transactions become more popular, such as those occurringat gas stations or ATMs, the opportunities for fraud and/or identitytheft may also become more prevalent. One method of capturing anotherperson's identifying information or bank account information is throughthe use of skimming devices on ATMs and other computing devices havingcard readers. A skimming device may be affixed over a card reader or acard reader component to capture a user's identifying information uponinsertion of the user's card past or through the skimming device andinto the card reader or card reader component. The skimming device maybe discrete and still allow the ATM or other computing device to performthe desired transaction using the card reader so that the user does notsuspect any wrong doing. The skimming device may read the identifyinginformation contained in the magnetic stripe and store it and/or send itto a device associated with someone other than the user, i.e., a badactor or fraudster. The skimming device may also include a camera usedto obtain the user's PIN as it is entered on a keypad of the ATM orother computing device. In this way, the bad actor capturing the userinformation may obtain all of the user's identifying information neededto access the user's account or financial information.

SUMMARY

In general, this disclosure describes an anti-skimming computing deviceconfigured to detect a presence of a skimming device affixed over a cardreader component of the computing device. The anti-skimming computingdevice may be an automatic teller machine (ATM), a “pay at the pump” gasstation terminal, a “self-checkout” store terminal, or another computingdevice having a card reader. According to the techniques described inthis disclosure, the anti-skimming computing device uses a two-stageprocess to detect the presence of a skimming device affixed over a cardreader component that includes the card reader of the anti-skimmingcomputing device. As a first stage, the anti-skimming computing deviceuses a plurality of micro cameras positioned proximate to the cardreader to determine whether one or more of the images of the microcameras is at least partially obscured. As a second stage, based on thedetermination that an object is obscuring the image of one or more ofthe micro cameras, the anti-skimming computing device initiates abattery detector circuit to detect whether an external battery ispresent near the card reader. The detected presence of an externalbattery coupled with the object that is obscuring the images of themicro cameras indicates that a skimming device is affixed over the cardreader component.

In one example, a computing device includes a card reader componentincluding a card reader, a plurality of micro cameras positionedproximate to the card reader, a battery detector circuit, and processingcircuitry in communication with the card reader component, the pluralityof micro cameras, and the battery detector circuit, where the processingcircuitry is configured to analyze one or more images captured by theplurality of micro cameras, determine that one or more of the imagescaptured by the plurality of micro cameras is obscured, in response tothe determination that the one or more of the images of the plurality ofmicro cameras is obscured, initiate the battery detector circuit, and inresponse to the battery detector circuit detecting a presence of anexternal battery near the card reader, determine that a skimming deviceis affixed over the card reader component.

In another example, a method includes analyzing, by a computing devicehaving a card reader component including a card reader, one or moreimages captured by a plurality of micro cameras positioned on thecomputing device proximate to the card reader, determining, by thecomputing device, that one or more of the images captured by theplurality of micro cameras is obscured, in response to the determinationthat the one or more of the images of the plurality of micro cameras isobscured, initiating a battery detector circuit included in thecomputing device, and in response to the battery detector circuitdetecting a presence of an external battery near the card reader,determining that a skimming device is affixed over the card readercomponent of the computing device.

In yet another example, a server device includes a memory and one ormore programmable processors in communication with the memory andconfigured to receive, from a computing device, a notification that askimming device is affixed over a card reader component of the computingdevice, and in response to the notification, send instructions to one ormore support servers to initiate a plurality of surveillance cameraslocated in a surrounding area of the computing device and sendinstructions to the computing device to enact one or more securitymeasures to prevent transactions using the card reader component of thecomputing device.

The details of one or more examples of the disclosure are set forth inthe accompanying drawings and the description below. Other features,objects, and advantages of the disclosure will be apparent from thedescription and drawings, and from the claims.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a block diagram illustrating an example network systemincluding an anti-skimming computing device, in accordance with aspectsof the disclosure.

FIG. 2 is a conceptual diagram illustrating an example anti-skimmingATM, in accordance with aspects of the disclosure.

FIG. 3 is a conceptual diagram illustrating an example card readercomponent of the anti-skimming ATM of FIG. 2 in greater detail.

FIG. 4 is a block diagram illustrating an example anti-skimmingcomputing device, in accordance with aspects of the disclosure.

FIG. 5 is a block diagram illustrating an example anti-skimming server,in accordance with aspects of the disclosure.

FIG. 6 is a flow diagram illustrating an example technique to detect askimming device affixed over a card reader component of a computingdevice, in accordance with aspects of the disclosure.

DETAILED DESCRIPTION

FIG. 1 is a block diagram illustrating an example network system 10including an anti-skimming computing device 12, in accordance withaspects of the disclosure. Network system 10 includes anti-skimmingcomputing device 12 in communication with an anti-skimming server 22 ofa financial institution via a network connection. Financial institutionnetwork 30 includes anti-skimming server 22 and anti-skimming supportservers such as an alert system server 28, a forensic analysis server26, and a data analytics prediction server 24.

As shown in FIG. 1, anti-skimming computing device 12 is incommunication with anti-skimming server 22 via a network connection overnetwork 20. In some examples, network 20 may be a private network or apublic network, such as the Internet. Although illustrated as a singleentity, network 20 may include a combination of two or more publicand/or private networks. Network 20 may include one or more of a widearea network (WAN) (e.g., the Internet), a local area network (LAN), avirtual private network (VPN), or another wired or wirelesscommunication network. In some examples, network 20 may be a serviceprovider network coupled to one or more networks administered by otherproviders, and may thus form part of a large-scale public networkinfrastructure, e.g., the Internet.

Anti-skimming computing device 12 includes a card reader which may allowa user to perform financial transactions without the need for anin-person cashier or bank teller. In some examples, the card reader isincluded within a card reader component. The card reader component mayfurther include a card slot, a protective housing or face, a cardshutter, or the like. Anti-skimming computing device 12 may be a deviceused to perform a variety of transactions and/or account balance checks.For example, anti-skimming computing device 12 may be an automaticteller machine (ATM), a “pay at the pump” gas station terminal, a“self-checkout” store terminal, or another computing device having acard reader. Anti-skimming computing device 12 may be located at aretail banking location, a gas station, a grocery store, a mall, acollege campus, or any other suitable location.

Anti-skimming computing device 12 may include a display for displayinginformation and/or receiving inputs. For example, the display maypresent a user with a graphical user interface (GUI) that displaysoptions for completing one or more transactions. In some examples, thedisplay may include a touchscreen for receiving information from theuser indicating a selection via the displayed GUI. Alternatively, oradditionally, anti-skimming computing device 12 may include a keypad orother input device for receiving inputs.

Anti-skimming computing device 12 may include components for vending oraccepting cash and/or checks for various transactions including, forexample, conventional deposits or withdrawals, exchange of localcurrency for foreign currency or vice versa, and/or withdrawal offoreign currency. Anti-skimming computing device 12 may include aprinter component for printing documents for various transactionsincluding, for example, receipts for deposits, receipts for withdrawals,receipts for purchases, or the like. Anti-skimming computing device 12may include a component to dispense envelopes. Anti-skimming computingdevice 12 may also include a component to dispense cash and/or acomponent to dispense cash within an envelope.

The components of anti-skimming computing device 12 described herein maybe separate components, each dedicated to a separate function, or may becombined in any suitable number of components to perform the functionsdescribed herein. A single component may include different subcomponentsused for performing different tasks or may use the same subcomponentsfor each task according to particular needs.

Anti-skimming computing device 12 includes a surveillance camera 14, aplurality of micro cameras 16, and a battery detector 18. According tothe techniques described in this disclosure, anti-skimming computingdevice 12 uses a two-stage process to detect the presence of a skimmingdevice affixed over a card reader component. The card reader componentincludes a card reader used to performed transactions. As a first stage,anti-skimming computing device 12 uses plurality of micro cameras 16positioned proximate to the card reader to determine whether the imagesfrom one or more of the plurality of micro cameras 16 is at leastpartially obscured. In some examples, an obscured image may include animage that is blocked, blurred, darkened, fuzzy, or the like. As asecond stage, based on the determination that an object is obscuring theimage of one or more of the plurality of micro cameras 16, anti-skimmingcomputing device 12 initiates a battery detector 18 to detect whether anexternal battery is present near the card reader. The detected presenceof an external battery near the card reader coupled with the object thatis obscuring the image of the plurality of micro cameras 16 indicatesthat a skimming device is affixed over the card reader component.Anti-skimming computing device 12 including surveillance camera 14,plurality of micro cameras 16, and battery detector 18 will be describedin more detail with respect to FIGS. 2-4 below.

Anti-skimming computing device 12 may perform additional functions inresponse to determining that a skimming device is present in order toprevent a user from performing transactions using the card reader andgetting his or her identifying information captured by the skimmingdevice. For example, anti-skimming computing device 12 may close ashutter over the card reader component to prevent insertion of a cardand/or present an “out of operation” message on a display of thecomputing device to discourage the user from inserting a card.Additionally, or alternatively, anti-skimming computing device 12 mayinitiate surveillance camera 14 in an attempt to capture one or moreimages of a bad actor installing the skimming device over the cardreader component and/or send a notification of the detected skimmingdevice to one or more servers 22 and/or support servers 24, 26, 28 to beused for fraud analysis and alerting the appropriate authorities.

Anti-skimming server 22, alert system server 28, forensic analysisserver 26, and/or data analytics prediction server 24 may be associatedwith a financial institution and included within financial institutionnetwork 30. The financial institution associated with anti-skimmingserver 22 may be a traditional bank or credit union with the capabilityto maintain user accounts, or a credit card company with the capabilityto issue credit and debit accounts. For example, the financialinstitution may maintain checking, savings, and/or investment accountsfor account holders. Anti-skimming server 22 and other similar servers(not shown) of financial institution network 30 may be able to access tocustomer accounts held by the financial institution and/or accounts atother financial institutions via financial institution network 30. Insome cases, anti-skimming server 22 and support servers 24, 26, 28 maybe associated with an organization other than a financial institution.For example, anti-skimming server 22 and support servers 24, 26, 28 maybe associated with a third-party organization, such as an organizationthat tracks and/or detects fraud on behalf of a financial institution.Anti-skimming server 22 may be in communication with alert system server28, forensic analysis server 26, and data analytics prediction server 24via network 20, a wide area network (WAN) (e.g., the Internet), a localarea network (LAN), a virtual private network (VPN), or another wired orwireless communication network. Although anti-skimming server 22 andsupport servers 24, 26, 28 are illustrated as being included withinfinancial institution network 30, in some examples, one or more ofanti-skimming server 22 or support servers 24, 26, 28 may be owned byother parties and in communication with each other via network 20.

Anti-skimming server 22 may be able to access data related to financialinstitution network 30. For example, anti-skimming server 22 may be ableto access information related to accounts of one or more usersassociated with a financial institution. The accounts may be checkingaccounts, savings accounts, investment accounts, or the like.Anti-skimming server 22 may perform authentication of a user ofanti-skimming computing device 12 using the accessible data related tofinancial institution network 30 prior to completing a transaction.Anti-skimming server 22 may authenticate the user using an accountnumber, a personal identification number (PIN), biometric data, or thelike.

Anti-skimming server 22 may also receive alerts from anti-skimmingcomputing device 12 via network 20 regarding fraudulent activity atanti-skimming computing device 12, e.g., the presence of a skimmingdevice. Anti-skimming server 22 may send an alert to one or more ofalert system server 28, forensic analysis server 26, or data analyticsprediction server 24. Anti-skimming server 22 may receive instructionsfrom alert system server 28, forensic analysis server 26, and/or dataanalytics prediction server 24 in response to the alert. Theinstructions may be transmitted to anti-skimming computing device 12.For example, the instructions may be for anti-skimming computing device12 to display an “out of operation” message or to resume normaloperation. In some examples, the instructions to display the “out ofoperation” message may also cause anti-skimming computing device 12 tolock one or more user interface devices, such as a display and/or akeypad, and/or close a shutter over the card reader component to preventtransactions from occurring using the card reader of anti-skimmingcomputing device 12.

Anti-skimming server 22 may be a dedicated server configured to handleanti-skimming functions performed by anti-skimming computing device 12.In other examples, anti-skimming server 22 may be an existing serverthat is modified, e.g., using software, to be able to operate inaccordance with aspects of this disclosure. Anti-skimming server 22 mayact as one of many points of contact between financial institutionnetwork 30, support servers 24, 26, 28, and anti-skimming computingdevice 12, or may be a single point of contact between financialinstitution network 30, support servers 24, 26, 28, and anti-skimmingcomputing device 12.

Anti-skimming server 22 may be in communication with anti-skimmingcomputing device 12, or anti-skimming server 22 may be in communicationwith other computing devices in addition to anti-skimming computingdevice 12. The other computing devices may or may not include theanti-skimming capabilities as described herein. Anti-skimming server 22being in communication with more than one computing device may allowanti-skimming server 22, alert system server 28, forensic analysisserver 26, and data analytics server 24 to communicate with, obtain, andanalyze data from multiple computing devices. Communication and datafrom multiple computing devices may help the servers and/or a financialinstitution understand, combat, and protect against skimming attacks.

Alert system server 28 may be used to send a notification to anauthority upon receiving an alert relating to detection of a skimmingdevice affixed to anti-skimming computing device 12. The notificationmay be sent through an email, a text message, or the like to notify anauthority, such as, for example, an employee of the financialinstitution, of the skimming device. Alert system server 28 may also bein wireless or wired communication with financial institution network 30to transmit the notification. One or more employees of financialinstitution network 30 may receive the notification. In some examples,the one or more employees may determine an appropriate action to take,such as, for example, alerting the police or searching anti-skimmingcomputing device 12 for a skimming device in person. Additionally, oralternatively, alert system server 28 may send the notification to thepolice, Federal Bureau of Investigation (FBI), or another fraudtracking/criminal investigation group of the detection of a skimmingdevice affixed to anti-skimming computing device 12.

Forensic analysis server 26 may trigger one or more surroundingsurveillance cameras to begin recording upon receipt of the alert fromanti-skimming server 22. The surrounding surveillance cameras may be,for example, surveillance cameras located around anti-skimming computingdevice 12 on neighboring buildings, such as a bank where anti-skimmingcomputing device 12 may be located. A financial institution may own thesurrounding surveillance cameras to be operated in accordance withaspects of this disclosure. Forensic analysis server 26 may configurethe surrounding surveillance cameras to turn on, begin recording, oroperate specifically to help combat a skimming attack. For example, thesurrounding surveillance cameras may be configured to attempt to captureimages or a video of a bad actor who may have affixed a skimming deviceon anti-skimming computing device 12. The surrounding surveillancecameras may include sensors to help direct the cameras in an attempt tocapture the desired images. For example, the surrounding surveillancecameras may include one or more motion detectors to direct the camerasto a bad actor running away from anti-skimming computing device 12, to alicense plate of a car leaving the area, or the like. In some examples,one or more surrounding surveillance cameras may be initiatedpreemptively. For example, if anti-skimming computing device 12 detectsan affixed skimming device, one or more surrounding surveillance camerasnear other computing devices within a vicinity of anti-skimmingcomputing device 12 may be initiated. In this way, the surroundingsurveillance cameras may be able to capture an image of a bad actor whomay be attempting to attack multiple computing devices by attackingskimming devices. Forensic analysis server 26 may store the videos ortransmit the videos to alert system server 28, e.g., for delivery to afinancial institution and/or an authority.

Forensic analysis server 26 may receive images and/or videos captured bya plurality of micro cameras 16 and/or a surveillance camera 14 onanti-skimming computing device 12 and store them or transmit them toalert system server 28. In some examples, forensic analysis server 26may transmit instructions to anti-skimming server 22 to instructanti-skimming computing device 12 to initiate surveillance camera 14 andbegin recording, such as, for example, as a preemptive measure if afuture skimming attack is suspected. In some examples, forensic analysisserver 26 may store the data received by anti-skimming server 22pertaining to the skimming attack. In this way, an authority,investigator, or the like, may be able to access data and/or informationthat may help determine the identity, location, and/or other informationabout the bad actor responsible for the skimming attack.

Data analytics prediction server 24 may receive data from anti-skimmingserver 22 and/or forensic analysis server 26. Data analytics predictionserver 24 may use the data to detect a pattern in one or more skimmingattacks, predict when or where another skimming attack may take place,preemptively alert forensic analysis server 26 to initiate surveillancecameras prior to a skimming device being detected, or providerecommendations to a financial institution. For example, data analyticsprediction server 24 may use Geographic Information Systems (GIS),Raster GIS, point processing, linear regression, and/or exponentialsmoothing models to predict trends and/or behavior patterns of badactors and/or skimming attacks. In some examples, data analyticsprediction server 24 may use the data received from anti-skimming server22 to extract diversified information that may help detect patternsand/or predict a future skimming attack. For example, data analyticsprediction server 24 may extract information such as the location ofanti-skimming computing device 12, the time that a suspected skimmingattack was initiated, the sequence of anti-skimming computing devicesthat were attacked (e.g., in the case where skimming devices weredetected on more than one anti-skimming computing device), and the like.In some examples, data analytics prediction server 24 may use predictiveanalytics, statistics, high-speed processing, and combinations thereofin order detect a pattern in skimming attacks and/or predict a futureskimming attack.

In some examples, anti-skimming server 22, alert system server 28,forensic analysis server 26, and data analytics prediction server 24 areall separate servers. In other examples, anti-skimming server 22, alertsystem server 28, forensic analysis server 26, and/or data analyticsprediction server 24 may be separate units within one or more servers.

FIG. 2 is a conceptual diagram illustrating an example anti-skimming ATM40, in accordance with aspects of the disclosure. Anti-skimming ATM 40includes a display 42, a card reader component 52, a surveillance camera50, and a keypad 46. Anti-skimming ATM 40 may operate substantiallysimilar to anti-skimming computing device 12 from FIG. 1. For example,anti-skimming ATM 40 may be in communication with anti-skimming server22 via network 20 from FIG. 1. The architecture of anti-skimming ATM 40illustrated in FIG. 2 is shown for exemplary purposes only, andanti-skimming ATM 40 should not be limited to this architecture. In someexamples, anti-skimming ATM 40 may include additional components that,for clarity, are not shown in FIG. 2. In other examples, anti-skimmingATM 40 may be configured in a variety of ways.

Anti-skimming ATM 40 may contain a cash dispenser 44 and a printercomponent 48. Cash dispenser 44 may dispense cash to a user ofanti-skimming ATM 40, such as during a withdrawal transaction. Printercomponent 48 may print receipts for various transactions and/or accountbalance checks performed using anti-skimming ATM 40. In some examples,cash dispenser 44 and/or printer component 48 may include differentcomponents such as, for example, components for accepting cash, acomponent for vending/accepting checks, a component to dispenseenvelopes, or the like. Anti-skimming ATM 40 may contain two componentssuch as cash dispenser 44 and printer component 48, or anti-skimming ATM40 may contain fewer or greater components for performing financialtransactions using anti-skimming ATM 40, in accordance with aspects ofthe disclosure.

Anti-skimming ATM 40 may include a display 42 for inputting information,performing transactions, showing informational videos, or the like. AGUI presented on display 42 may allow a user to interact withanti-skimming ATM 40 by display of graphical icons and visualindicators. For example, display 42 may present a GUI that displaysrecommended actions and/or other options to a user. In certain examples,display 42 may be a touch sensitive screen and may present one or moretouch sensitive GUI elements. For example, a user may be able tointeract with anti-skimming ATM 40 to respond to options displayed ondisplay 42 and initiate an action by touching one or more of the touchsensitive GUI elements displayed on display 42. For example, display 42may be a presence-sensitive display that displays a GUI and receivesinput from a user using capacitive, inductive, and/or optical detectionat or near the presence sensitive display. Additionally, oralternatively, a user may be able to interact with anti-skimming ATM 40to respond to options displayed on display 42 and initiate an action byusing any suitable input device such as, for example, keypad 46, atouchpad, a biometric input device, and/or any other suitable inputdevice. Display 42 may include a cathode ray tube (CRT) monitor, aliquid crystal display (LCD), organic light emitting diode (OLED), orany other type of display device that can generate intelligible outputto a user.

In some examples, display 42 may present a user interface in which auser may perform an action in order to unlock the screen and begin usinganti-skimming ATM 40. For example, as shown in FIG. 2, display 42 mayshow an introduction user interface that directs the user to touchdisplay 42 anywhere or to swipe his or her finger or hand across display42 in the direction of an arrow, or that directs the user to push anybutton on keypad 46 to unlock the screen. Upon unlocking the screen,display 42 may then present an informational video to the user. Theinformational video may include details about skimming devices, such as,for example, how they work, what they look like, or how to detect them.The informational video may instruct the user to check anti-skimming ATM40 for the presence of a skimming device prior to allowing the user toperform a financial transaction. Display 42 may prompt the user to inputa response before presenting a display used to initiate a transaction.In some examples, the response may be the user pushing a button usingdisplay 42 or keypad 46 indicating that he or she did not notice askimming device present on anti-skimming ATM 40. Upon receiving theresponse, display 42 may present a screen allowing the user to performvarious transactions using anti-skimming ATM 40.

Anti-skimming ATM 40 may include card reader component 52. Card readercomponent 52 includes a card slot that allows the user to insert his orher debit, credit, or ATM card (hereinafter, “card”) to preformfinancial transactions using anti-skimming ATM 40. In some examples,anti-skimming ATM 40 may prompt the user to input a PIN in order toauthenticate the user prior to performing the financial transaction. Adisplay may prompt the user to enter the PIN, and the user may enter thePIN using display 42 or keypad 46. Upon receipt of the PIN andauthentication of the user, anti-skimming ATM 40 may allow the user toperform a transaction. In other examples, a fingerprint or retinal scanmay be entered using a biometric input device and used to authenticatethe user. Card reader component 52 may also help prevent a user'sidentifying information from being captured in the event a skimmingdevice is affixed to anti-skimming ATM 40.

FIG. 3 is a conceptual diagram illustrating an example card readercomponent 52 of the anti-skimming ATM 40 of FIG. 2 in greater detail.Card reader component 52 includes card slot 54 that may accept a user'scard. Card reader component 52 includes a card reader within card slot54 that is configured to allow a user to perform transactions using theanti-skimming ATM. The card reader may be located internally of cardreader component 52. Card slot 54 may accept the user's card and directthe card to the card reader. The card reader may be configured to readidentifying information stored on a magnetic stripe, a chip, or the likeof the card to obtain identifying information of the user. For example,the identifying information may be the user's name, bank accountinformation, PIN number, or the like. In some examples, card slot 54 mayreturn the card to the user prior to completing the transaction. Inother examples, card slot 54 may return the card to the user aftercompleting the transaction. In yet another example, the user may swipethe card using card slot 54 rather than insert the card into card slot54.

Card reader component 52 may include a plurality of micro cameras 60.Plurality of micro cameras 60 may be positioned proximate to the cardreader. In some examples, card reader component 52 may include aprotective housing or a face which surrounds card slot 54 and where thecard reader is internally located. In some such examples, plurality ofmicro cameras 60 may be located on, within, and/or behind the protectivehousing or face of card reader component 52. Plurality of micro cameras60 may help detect the presence of a skimming device affixed to theanti-skimming ATM. For example, an obscured image obtained by one ormore of plurality of micro cameras 60 may mean that a skimming devicehas been affixed over card reader component 52. Plurality of microcameras 60 may be in a certain pattern or contain a certain number ofcameras. For example, plurality of micro cameras 60 may be on two sidesof the card reader component 52 (as shown in FIG. 3), on three sides ofcard reader component 52, on four sides of card reader component 52, orthe like. Plurality of micro cameras 60 may be in a distinct pattern, ormay be randomly placed around card reader component 52. Plurality ofmicro cameras 60 may include any number of micro cameras, such as, forexample, twenty micro cameras. Further, plurality of micro cameras 60may be sized and/or located so that a user of the anti-skimming ATM maynot be able to tell that the anti-skimming ATM includes plurality ofmicro cameras 60. Additionally, or alternatively, plurality of microcameras 60 may include a single camera with multiple apertures tocapture images. In some such examples, the apertures may be sized and/orlocated so that a user of the anti-skimming ATM may not be able to tellthat the anti-skimming ATM includes the multiple apertures that areconfigured to capture images.

In some examples, plurality of micro cameras 60 may be directly on orwithin card reader component 52. In other examples, plurality of microcameras 60 may be located behind or around card reader component 52,such as, for example, behind the protective housing of card readercomponent 52. In this way, card reader component 52 and plurality ofmicro cameras 60 may be retrofit onto an existing ATM to make the ATM ananti-skimming ATM, or the anti-skimming ATM may be a new ATM. In eitherexample, plurality of micro cameras 60 may be positioned proximate tothe card reader.

In some examples, a plurality of lights may be used in place ofplurality of micro cameras 60. The plurality of lights may be used incombination with one or more light sensors to help detect the presenceof a skimming device affixed to the anti-skimming ATM. For example, adecrease in the intensity of one or more of the plurality of lights maymean that a skimming device has been affixed over card reader component52. The plurality of lights may be positioned proximate to the cardreader. The plurality of lights may be in a certain pattern or contain acertain number of lights. For example, the plurality of lights may be on2 sides of the card reader component 52, on 3 sides of card readercomponent 52, on 4 sides of card reader component 52, or the like. Theplurality of lights may be in a distinct pattern, or they may be placedrandomly around card reader component 52. The plurality of lights mayinclude any number of lights. Further, the plurality of lights may besized and/or located so that a user of the anti-skimming ATM may not beable to tell that the anti-skimming ATM includes the plurality oflights. In some examples, the plurality of lights may be light emittingdiodes (LEDs).

Card reader component 52 may further include a plurality of holes 58. Insome examples, plurality of holes 58 are aligned with plurality of microcameras 60 in order for plurality of micro cameras to be able to have aline of sight to the exterior of card reader component 52. Plurality ofholes 58 may allow plurality of micro cameras 60 to be offset from theprotective housing or face of card reader component 52. This may helpprevent a user from seeing plurality of micro cameras 60, while stillallowing the micro cameras to obtain a clear image through the holeopening (when a skimming device is not obscuring the images of pluralityof micro cameras 60). Plurality of holes 58 may be around the perimeterof card slot 54 in substantially the same pattern and quantity asplurality of micro cameras 60. Plurality of holes 58 may be sized and/orlocated so that a person using the anti-skimming ATM may not be able totell that the ATM is an anti-skimming ATM. In the case in whichplurality of micro cameras 60 are directly on or within card readercomponent 52, card reader component 52 may or may not include pluralityof holes 58. In the case in which plurality of micro cameras 60 arelocated behind or around card reader component 52, plurality of holes 58may extend partially or substantially through card reader component 52to where plurality of micro cameras 60 are located. The plurality ofholes 58 may be configured in any way conceivable as to allow pluralityof micro cameras 60 to be able to capture images to help detect thepresence of a skimming device while also being discrete, in accordancewith aspects of the disclosure.

Plurality of holes 58 may be configured in substantially the same way inthe case where a plurality of lights and one or more light sensors areutilized in place of or in addition to plurality of micro cameras 60.

Card reader component 52 may include a shutter 56. Shutter 56 may beconfigured to close over the card reader and/or card slot 54 to preventtransactions using the card reader of card reader component 52. In someexamples, shutter 56 may remain open unless the anti-skimming ATM hasdetected a skimming device. In other examples, shutter 56 may remainclosed until after a user has watched an informational video andacknowledged looking for a skimming device, e.g., through the use ofdisplay 42 or keypad 46 from FIG. 2. In any case, shutter 56 may closeand remain closed if the anti-skimming ATM detects a skimming device. Inthis way, shutter 56 may prevent a user from inserting or swiping a cardwhen a skimming device is present, and may prevent the skimming devicefrom obtaining identifying information contained on the card. Further,the anti-skimming ATM may display an “out of operation” message ifshutter 56 is closed due to the presence of a skimming device. Shutter56 may remain closed until the skimming device is no longer detected,may remain closed for a predetermined amount of time, or may remainclosed until the anti-skimming ATM receives a notification that shutter56 can be opened, e.g., from anti-skimming server 22 from FIG. 1.

Although card reader component 52 is described with respect to ananti-skimming ATM, card reader component 52 should not be limited toanti-skimming computing devices that are ATMs. For example, card readercomponent may be included on a “pay at the pump” gas station terminal, a“self-checkout” store terminal, or another computing device having acard reader.

FIG. 4 is a block diagram illustrating an example anti-skimmingcomputing device 72, in accordance with the aspects of the disclosure.Anti-skimming device may be an ATM, a “pay at the pump” gas stationterminal, a “self-checkout” store terminal, or another computing devicehaving a card reader. Anti-skimming computing device 72 may operatesubstantially similar to anti-skimming computing device 12 from FIG. 1.Anti-skimming computing device 72 may be in communication withanti-skimming server 22 via network 20 from FIG. 1. The architecture ofanti-skimming computing device 72 illustrated in FIG. 4 is shown forexemplary purposes only, and anti-skimming computing device 72 shouldnot be limited to this architecture. In some examples, anti-skimmingcomputing device 72 may include additional components that, for clarity,are not shown in FIG. 4. In other examples, anti-skimming computingdevice 72 may be configured in a variety of ways.

As shown in the example of FIG. 4, anti-skimming computing device 72includes one or more processors 74, one or more interfaces 76, asurveillance camera 78, a plurality of micro cameras 80, a batterydetector 82, and one or more memory units 84. Anti-skimming computingdevice 72 also includes anti-skimming unit 86, transaction unit 94,surveillance unit 95, card reader component unit 96, and display unit98, each of which may be implemented as program instructions and/or datastored in memory 84 and executable by processors 74 or implemented asone or more hardware units or devices of anti-skimming computing device72. In some examples, memory 84 of anti-skimming computing device 72 mayalso store an operating system executable by processors 74. Theoperating system stored in memory 84 may control the operation ofcomponents of anti-skimming computing device 72. The components, unitsor modules of anti-skimming computing device 72 are coupled (physically,communicatively, and/or operatively) using communication channels forinter-component communications. In some examples, the communicationchannels may include a system bus, an inter-process communication datastructure, or any other method for communicating data.

Processors 74, in one example, may include one or more processors thatare configured to implement functionality and/or process instructionsfor execution within anti-skimming computing device 72. For example,processors 74 may be capable of processing instructions stored by memory84. Processors 74 may include, for example, microprocessors, digitalsignal processors (DSPs), application specific integrated circuits(ASICs), field-programmable gate array (FPGAs), or equivalent discreteor integrated logic circuitry, or a combination of any of the foregoingdevices or circuitry.

Memory 84 may be configured to store information within anti-skimmingcomputing device 72 during operation. Memory 84 may include acomputer-readable storage medium. In some examples, memory 84 includesone or more of a short-term memory or a long-term memory. Memory 84 mayinclude, for example, random access memories (RAM), dynamic randomaccess memories (DRAM), static random access memories (SRAM), magneticdiscs, optical discs, flash memories, or forms of electricallyprogrammable memories (EPROM) or electrically erasable and programmablememories (EEPROM). In some examples, memory 84 is used to store programinstructions for execution by processors 74. Memory 84 may be used bysoftware running on anti-skimming computing device 72 (e.g.,anti-skimming unit 86, transaction unit 94, surveillance unit 95, cardreader component unit 96, display unit 98) to temporarily storeinformation during program execution.

Anti-skimming computing device 72 may utilize UI devices 76 tocommunicate with external devices via one or more networks, e.g.,network 20 from FIG. 1, or via wireless signals. UI devices 76 may benetwork interfaces, such as Ethernet interfaces, optical transceivers,radio frequency (RF) transceivers, or any other type of devices that cansend and receive information. Other examples of interfaces may includeWi-Fi, NFC, or Bluetooth radios. In some examples, anti-skimmingcomputing device 72 utilizes UI devices 76 to wirelessly communicatewith an external device such anti-skimming server 22 from FIG. 1.

Anti-skimming computing device 72 may also use UI devices 76 tocommunicate with users of anti-skimming computing device 72. UI devices76 may be configured to operate as both input devices and outputdevices. For example, UI devices 76 may be configured to receivetactile, audio, or visual input from a user of anti-skimming computingdevice 72. In addition to receiving input from a user, UI devices 76 maybe configured to provide output to a user using tactile, audio, or videostimuli. In one example, UI devices 76 may be configured to outputcontent for display, e.g., a GUI, in accordance with a user interfaceunit stored in memory 84. In this example, UI devices 76 may include apresence-sensitive display that displays a GUI and receives input from auser using capacitive, inductive, and/or optical detection at or nearthe presence sensitive display. Other examples of UI devices 76 includea keypad, touchpad, a voice responsive system, video camera, microphoneor any other type of device for detecting a command from a user, or asound card, a video graphics adapter card, or any other type of devicefor converting a signal into an appropriate form understandable tohumans or machines. Additional examples of UI devices 76 include aspeaker, a CRT monitor, a LCD, OLED, or any other type of device thatcan generate intelligible output to a user.

Anti-skimming computing device 72 may include additional componentsthat, for clarity, are not shown in FIG. 4. Similarly, the components ofanti-skimming computing device 72 shown in FIG. 4 may not be necessaryin every example of anti-skimming computing device 72.

Memory 84 of anti-skimming computing device 72 includes anti-skimmingunit 86. anti-skimming unit 86 may allow anti-skimming computing device72 to detect the presence of a skimming device affixed to anti-skimmingcomputing device 72. Anti-skimming unit 86 may use a sequence ofdetection methods to determine if a skimming device is present. Forexample, image processing unit 92 of anti-skimming unit 86 may analyzeone or more images captured by plurality of micro cameras 80. Imageprocessing unit 92 may obtain one or more images captured by one or moreof the plurality of micro cameras 80. Image processing unit 92 may usethe images to determine if one or more of the plurality of micro camera80 has captured an image that is obscured. Image processing unit 92 maycompare the captured images to images previously captured as baselineimages. The images previously captured may have been captured during theset-up of anti-skimming computing device 72, may be the last imagescaptured by plurality of micro cameras 80, or the like. Image processingunit 92 may determine if changes exist between the images, such as, forexample, color darkening, decrease in sharpness of the image, decreasein brightness of the image, increase in the amount of shadows in theimage, the image being blurred or blocked by an object, or any otherdetail that could indicate that one or more of the plurality of microcameras 80 is blocked or impeded by an object. In some examples, imageprocessing unit 92 compares the images to images that are stored in ananti-skimming server, e.g., anti-skimming server 22 from FIG. 1. Inother examples, image processing unit 92 compares the images to imagesthat are stored in memory 84 of anti-skimming computing device 72. Imageprocessing unit 92 may compare images obtained from the same microcamera at different times, use comparison data from multiple images ormicro cameras, or both. In some examples, image processing unit 92 isprecise enough to determine a change in one or more images captured byplurality of micro cameras 80 due to a transparent object affixed over acard reader component. For example, a blurred image may indicate thepresence of a transparent skimming device, whereas a completely blockedimage may indicate the presence of an opaque skimming device. In someexamples, image processing unit 92 may operate continuously in order todetect an object affixed over a card reader component in real-time.

Upon indication that an image from one or more of the plurality of microcameras 80 is obscured, image processing unit 92 may notify batterydetection unit 90. Battery detection unit 90 may turn on and/or initiatebattery detector 82. Battery detector 82 may be able to detect thepresence of an external battery near the card reader, e.g., an externalbattery used to power a skimming device. In this way, the techniques ofthe disclosure uses a two-stage process to determine if a skimmingdevice is present.

In some examples, plurality of micro cameras 80 may be sensitive tochanges detected and battery detection unit 90 may consequently turn onand/or initiate battery detector 82 often. In other examples, pluralityof micro cameras 80 may be configured so that a detected change may needto be present for a predetermined amount of time prior to turning onand/or initiating battery detector 82. If plurality of micro cameras 80are configured to require a detected change to be present for a certainamount of time, battery detector 82 may be prevented from being turnedon and/or initiated often or due to the presence of a user's hand, ashadow, or the like blocking one or more of the plurality of microcameras 80. However, anti-skimming computing device 72 may be connectedto a power source, and turning on and/or initiating battery detector 82often may not be a concern. In still another example, battery detector82 may remain on at all times. In some such examples, the informationobtained by battery detector 82 may not be analyzed unless imageprocessing unit 92 also determines that one or more images from theplurality of micro cameras 80 is obscured. In this way, battery detector82 may always be turned on, but battery detector 82 may not be initiatedunless image processing unit 90 determines that one or more images fromthe plurality of micro cameras 80 is obscured. As used herein withrespect to battery detector 82, “initiate” refers to obtaining andanalyzing the data captured by battery detector 82, whereas “turn on”refers to the physical act of powering on battery detector 82.

In some examples, battery detector 82 includes circuitry configured todetect the presence of an external battery near the card reader. Forexample, battery detector 82 may include an integrated circuit.

Battery detector 82 may operate though a non-invasive technique, e.g., atechnique that does not require battery detector 82 to be in connectionwith an external battery, such as, an external battery included in askimming device. In order to be non-invasive, battery detector 82 may bea sensor that is able to detect the presence of a static magnetic fieldcreated by the flow of current in the skimming device, rather thandetect a current flowing in the skimming device including the externalbattery. For example, an external battery may use a battery thatprovides a direct-current (DC) power source. The current provided by theDC power source may have a frequency of zero, and thus a non-invasivemethod may be unable to detect the frequency. However, the DC powersource may generate a static magnetic field which may be able to bedetected using a non-invasive method, and therefore detect the presenceof the skimming device including the external battery.

In some examples, battery detector 82 may be a Hall Effect sensor, e.g.,a non-invasive sensor to detect the presence of a static magnetic field.A Hall Effect sensor may generate a measurable voltage as an outputsignal upon exposure to a static magnetic field, e.g., from a DC powersource of an external battery of a skimming device. In some examples,battery detector 82 may additionally or alternatively include a linearcircuit that provides a constant output signal to battery detection unit90. The output signal may be distorted, amplified, and/or attenuated dueto the presence of an external battery. Battery detection unit 90 mayanalyze the output signal of battery detector 82 to determine if anexternal battery is present. For example, battery detection unit 90 maycompare the output signal of battery detector 82, such as a voltagegenerated by a Hall Effect sensor, to a predetermined threshold value.In some such examples, battery detection unit 90 may determine that anexternal battery is present near the card reader if the output signal ofbattery detector 82 is greater than the predetermined threshold value.In other examples, battery detection unit 90 may determine that anexternal battery is present near the card reader if the output signal ofbattery detector 82 is less than the predetermined threshold value. Inyet another example, battery detection unit 90 may determine that anexternal battery is present near the card reader if the output signal ofbattery detector 82 is attenuated, amplified, and/or otherwisedistorted.

Although battery detector 82 is described herein as a Hall Effectsensor, in other examples, battery detector 82 may be any sensor ordevice configured to detect the presence of an external battery. Incases in which battery detector 82 is not a Hall Effect sensor, batterydetector 82 may still use a non-invasive method to detect the presenceof an external battery near the card reader.

In some examples, battery detector 82 may operate for a predeterminedamount of time. For example, battery detector 82 may remain initiatedand searching for an external battery for 5 minutes. If battery detector82 does not detect an external battery within the predetermined amountof time, battery detection unit 90 may turn off battery detector 82. Inother examples, battery detector 82 may remain on at all times, butbattery detector 82 may only be initiated for a predetermined amount oftime. For example, battery detector 82 may be initiated for apredetermined amount of time and then enter a “sleep mode” in whichbattery detector 82 remains on but is not initiated. In some suchexamples, battery detector 82 may operate in a cycle in which batterydetector 82 is initiated for a predetermined amount of time and thenbattery detector 82 is in “sleep mode” for a predetermined amount oftime before being initiated again for the predetermined amount of time.

If battery detector 82 detects the presence of an external battery,battery detection unit 90 may transmit an alert to notification unit 88that an external battery is detected and that there may be a skimmingdevice present on anti-skimming computing device 72. Notification unit88 may alert other units within anti-skimming computing device 72 aboutthe skimming device and may transmit data captured by anti-skimmingcomputing device 72 to an anti-skimming server, e.g., anti-skimmingserver 22 from FIG. 1. If battery detector 82 remains on at all times,battery detection unit 90 may only be initiated if the image processingunit 92 also determines that an image from plurality of micro cameras isobscured. In this way, battery detection unit 90 may transmit an alertto notification unit 88 that an external battery is detected if imageprocessing unit 92 has also determined that one or more images from theplurality of micro cameras 80 is obscured. In turn, anti-skimmingcomputing device 72 may prevent false alarms being transmitted tonotification unit 88 due to the use of two different skimming devicedetection devices, e.g., plurality of micro cameras 80 and batterydetector 82.

Notification unit 88 may alert card reader component unit 96 of thepotential skimming device on anti-skimming computing device 72. Cardreader component unit 96 may close a shutter on the card readercomponent, e.g., shutter 56 from FIG. 3. This may prevent a card frombeing inserted or swiped, and therefore may prevent identifyinginformation from being captured by a skimming device present onanti-skimming computing device 72. The shutter may remain closed untilthe skimming device is no longer detected, may remain closed for apredetermined amount of time, or may remain closed until anti-skimmingcomputing device 72 receives a message that the shutter can be opened.For example, in the case in which the shutter remains closed for apredetermined amount of time, the shutter may remain closed for apredetermined amount of time, e.g., thirty minutes, and thenanti-skimming computing device may determine if a skimming device isstill present. If anti-skimming computing device 72 determines that theskimming device is still present, the shutter may remain closed. Ifanti-skimming computing device 72 determines that the skimming device isnot present, then card reader component unit 96 may open the shutter. Insome examples, anti-skimming computing device 72 may receive the messagethat the shutter can be opened in response to an employee or anotherauthority physically removing the skimming device from anti-skimmingcomputing device 72.

Notification unit 88 may also alert surveillance unit 95 of thepotential skimming device on anti-skimming computing device 72.Surveillance unit 95 may initiate and begin recording a video or captureimages using surveillance camera 78. Surveillance camera 78 may belocated on the front of anti-skimming computing device 72, and mayattempt to capture images or a video including the face of a bad actorattaching a skimming device or walking away from anti-skimming computingdevice 72 in order to capture the identity of that person. Surveillanceunit 95 may send captured images, videos, and/or a live stream of thevideo to an anti-skimming server, e.g. anti-skimming server 22 fromFIG. 1. Surveillance camera 78 may capture images and/or record videosuntil the skimming device is no longer detected, for a predeterminedamount of time, or until anti-skimming computing device 72 receives amessage that the recording can be stopped.

Notification unit 88 may alert display unit 98 of the potential skimmingdevice on anti-skimming computing device 72. Display unit 98 mayconfigure a display on anti-skimming computing device 72 to display an“out of operation” message or the like. The message may also result inanti-skimming computing device 72 locking one or more user interfacedevices of anti-skimming computing device 72 to prevent a transactionfrom occurring using the card reader of anti-skimming computing device72, and therefore may prevent identifying information from beingcaptured by a skimming device affixed over the card reader component ofanti-skimming computing device 72. The display may show the messageuntil the skimming device is no longer detected, for a predeterminedamount of time, or until the anti-skimming computing device 72 receivesa message that normal operation of anti-skimming computing device 72 canresume.

Notification unit 88 may further alert transaction unit 94 of thepotential skimming device on anti-skimming computing device 72.Transaction unit 94 may then prevent any financial transactions fromtaking place using anti-skimming computing device 72. For example,transaction unit 94 may configure anti-skimming computing device 72 sothat financial transaction options, such as, for example, deposits,withdrawals, sales, etc., are no longer presented as an option onanti-skimming computing device 72. As described above, this too mayprevent identifying information from being captured by a skimming devicepresent on anti-skimming computing device 72. Transaction unit 94 mayprevent transactions from occurring until the skimming device is nolonger detected, for a predetermined amount of time, or untilanti-skimming computing device 72 receives a message that transactionscan resume.

Notification unit 88 may also transmit detection of the skimming deviceto an anti-skimming server. In some examples, notification unit 88 mayreceive instructions from the anti-skimming server, such as, forexample, instructions to enact security measures on anti-skimmingcomputing device 72.

In normal operation, card reader component unit 96, surveillance unit95, display unit 98, and/or transaction unit 94 may perform functionsrelated to transactions occurring at anti-skimming computing device 72.As used herein, “normal operation” refers to the operation ofanti-skimming device 72 when a skimming device has not been detected,e.g., through the use of image processing unit 92 and battery detectionunit 90, such as, for example, transactions performed using an ATM, a“pay at the pump” gas station terminal, a “self-checkout” storeterminal, or another computing device having a card reader.

In some examples, card reader component unit 96 may read identifyinginformation from a magnetic stripe, chip, or the like of a card insertedor swiped using the card reader component. Card reader component unit 96may also verify the identity of a user using a PIN or the like enteredby the user through communication with an anti-skimming server. Cardreader component unit 96 may communicate with display unit 98 to promptthe user to perform actions, such as, for example, to insert or swipe acard, to enter a PIN, or the like.

In some examples, surveillance unit 95 may initiate surveillance camera78 during normal operation while a transaction is taking place usinganti-skimming computing device 72. In some examples, surveillance unit95 may initiate surveillance camera 78 in additional or alternativeinstances during normal operation.

Display unit 98 may operate the display on anti-skimming computingdevice 72 to allow for normal operation of anti-skimming computingdevice 72. Display unit 98 may configure the display to present aninformational video, e.g., as described with respect to FIG. 2. Displayunit 98 may also configure the display to allow the user to makeselections, input information, and perform financial transactions usinganti-skimming computing device 72.

Transaction unit 94 may configure anti-skimming computing device 72 toperform transactions. Transaction unit 94 may communicate with ananti-skimming server to determine if a user has sufficient funds toperform a transaction. In some examples, transaction unit 94 may alsoconfigure anti-skimming computing device 72 to accept or deliver thefunds as required by a transaction. In some examples, transaction unit94 may operate to allow financial transactions, e.g., in the case whereanti-skimming computing device is an ATM. In other examples, transactionunit 94 may operate to allow transactions regarding the sale or purchaseof goods, e.g., in the case where anti-skimming computing device 72 is a“pay at the pump” gas station terminal or a “self-checkout” storeterminal. Transaction unit 94 may communicate with display unit 98 toprompt the user for information, notify the user of the transactionstatus, or the like.

FIG. 5 is a block diagram illustrating an example anti-skimming server100, in accordance with the aspects of the disclosure. Anti-skimmingserver 100 may be a part of a financial institution network, e.g.,financial institution network 30 from FIG. 1. Anti-skimming server 100may operate substantially similar to anti-skimming server 22 fromFIG. 1. For example, anti-skimming server 100 may communicate withanti-skimming computing device 12 via network 20 from FIG. 1. Thearchitecture of anti-skimming server 100 illustrated in FIG. 5 is shownfor exemplary purposes only and anti-skimming server 100 should not belimited to this architecture. In other examples, anti-skimming server100 may be configured in a variety of ways.

As shown in the example of FIG. 5, anti-skimming server 100 includes oneor more processors 102, one or more interfaces 104, and one or morememory units 106. Memory 106 of anti-skimming server 100 includesanti-skimming unit 108, which is executable by processors 102. Each ofthe components, units, or modules of anti-skimming server 100 arecoupled (physically, communicatively, and/or operatively) usingcommunication channels for inter-component communications. In someexamples, the communication channels may include a system bus, a networkconnection, an inter-process communication data structure, or any othermethod for communicating data.

Processors 102, in one example, may include one or more processors thatare configured to implement functionality and/or process instructionsfor execution within anti-skimming server 100. For example, processors102 may be capable of processing instructions stored by memory 106.Processors 102 may include, for example, microprocessors, digital signalprocessors (DSPs), application specific integrated circuits (ASICs),field-programmable gate array (FPGAs), or equivalent discrete orintegrated logic circuitry, or a combination of any of the foregoingdevices or circuitry.

Memory 106 may be configured to store information within anti-skimmingserver 100 during operation. Memory 106 may include a computer-readablestorage medium or computer-readable storage device. In some examples,memory 106 includes one or more of a short-term memory or a long-termmemory. Memory 106 may include, for example, random access memories(RAM), dynamic random access memories (DRAM), static random accessmemories (SRAM), magnetic discs, optical discs, flash memories, or formsof electrically programmable memories (EPROM), or electrically erasableand programmable memories (EEPROM). In some examples, memory 106 is usedto store program instructions for execution by processors 102. Memory106 may be used by software or applications running on anti-skimmingserver 100 (e.g., anti-skimming unit 106) to temporarily storeinformation during program execution.

Anti-skimming server 100 may utilize interfaces 104 to communicate withexternal devices via one or more networks, e.g., network 20 from FIG. 1,or via wireless signals. Interfaces 104 may be network interfaces, suchas Ethernet interfaces, optical transceivers, radio frequency (RF)transceivers, or any other type of devices that can send and receiveinformation. Other examples of interfaces may include Wi-Fi, near-fieldcommunication (NFC), or Bluetooth radios. In some examples,anti-skimming server 100 utilizes interfaces 104 to communicate with anexternal device such as anti-skimming computing device 12 from FIG. 1.

Anti-skimming unit 108 includes image storage 110 and notification unit112. Image storage 110 stores images from a plurality of micro camerasof an anti-skimming computing device, e.g., micro cameras 16 ofanti-skimming computing device 12 from FIG. 1. Image storage 110includes images previously captured by the plurality of micro camerasthat can be used to determine if one or more of the current images fromthe plurality of micro cameras is obscured, such as due to the presenceof a skimming device. In some examples, image storage 110 includes allof the images captured by the plurality of micro cameras. In otherexamples, image storage 110 includes less than all of the imagescaptured by the plurality of micro cameras. For example, image storage110 may include the most recent images from the plurality of the microcameras. In some examples, image storage 110 may include baselineimages. The baseline images may be images previously captured, such as,for example, images captured during the set-up of the anti-skimmingcomputing device, the last images captured by the plurality of microcameras, or the like. In some examples, the anti-skimming computingdevice accesses the images stored in image storage 110 in order todetermine if one or more of the current images from the plurality ofmicro cameras is obscured. Alternatively, or in addition, to imagestorage 110, the anti-skimming computing device may store the imagespreviously captured by the plurality of micro cameras.

Notification unit 112 may send notifications to an anti-skimmingcomputing device and/or one or more support servers, e.g., alert systemserver 28, forensic analysis server 26, and data analytics predictionserver 24 from FIG. 1, via interfaces 104. The notifications to theanti-skimming computing device may include instructions relating tosecurity measures to be performed by the anti-skimming computing device.In some examples, notification unit 112 may send instructions to theanti-skimming computing device in response to a notification indicatingthe presence of a skimming device affixed to the anti-skimming computingdevice. For example, notification unit 112 may send instructions to theanti-skimming computing device to close a shutter on a card readercomponent, initiate a surveillance camera, display an “out of operation”message, or the like in lieu of the anti-skimming computing deviceinitiating the security measures.

In other examples, the anti-skimming computing device may enact thesecurity measures itself, without receiving instructions fromnotification unit 112. In yet another example, notification unit 112 mayoverride a security measure initiated by the anti-skimming computingdevice. For example, notification unit 112 may have access to additionalinformation about the skimming attack, e.g., from the support servers,and may determine that one or more security measures are not necessary.In some examples, notification unit 112 may send instructions to ananti-skimming computing device to enact security measures due to thepresence of a skimming device detected on another anti-skimmingcomputing device located within a surrounding area. In this way,notification unit 112 may have a global view of a network ofanti-skimming computing devices, and may send the instructions aspreemptive security measure, e.g., in the case where a potential futureskimming attack is suspected.

Notification unit 112 may also send instructions to the anti-skimmingcomputing device to resume normal operation. For example, in the case inwhich the anti-skimming computing device was displaying an “out ofoperation” message due to the presence of a skimming device,notification unit 112 may send the anti-skimming computing deviceinstructions to resume normal operation after the skimming device isremoved by an authority.

Notification unit 112 may send notifications to one or more supportservers. In some examples, the notification may include data, video,images, or the like that relate to a skimming device affixed to ananti-skimming computing device. For example, anti-skimming server 100may receive images and/or videos from an anti-skimming device and/or asurrounding surveillance camera, and may send the images and/or videosto one or more of a forensic analysis server, a data analyticsprediction server, or an alert system server. Notification unit 112 mayalso receive notifications and/or instructions from the support servers.In some examples, notification unit 112 may send instructions to one ormore of the support servers to initiate one or more surroundingsurveillance cameras. In other examples, notification unit 112 mayinitiate one or more surrounding surveillance cameras.

FIG. 6 is a flow diagram illustrating an example technique 120 to detecta skimming device affixed over a card reader component of a computingdevice, in accordance with aspects of the disclosure. The exampletechnique of FIG. 6 will be described with respect to network system 10of FIG. 1 and anti-skimming computing device 72 of FIG. 4.

Anti-skimming computing device 72 analyzes images captured by aplurality of micro cameras 80 positioned on the computing device 72proximate to a card reader component of computing device 72 (122).Anti-skimming computing device 72 then determines whether any of theimages captured by the plurality of micro cameras 80 are obscured (124).For example, image processing unit 92 of computing device 72 may analyzethe images captured by the plurality of micro cameras 80 in real-time.The images may be analyzed in order to determine if one or more of theimages captured by the plurality of micro cameras 80 are obscured (e.g.,blurred or blocked) potentially due to the presence of a skimming deviceaffixed over the card reader component of computing device 72. Imageprocessing unit 92 may analyze the images in accordance with aspects ofthis disclosure described in detail above.

In response to the determination that the one or more of the images ofthe plurality of micro cameras are obscured (YES branch of 124),anti-skimming computing device 72 initiates a battery detector 82included in the computing device 72 (126). Battery detector 82 maydetermine whether an external battery is present near the card readercomponent of anti-skimming computing device 72 (128). The presence of anexternal battery near the card reader component of anti-skimmingcomputing device 72 may signify that a skimming device is present. If itis determined that the images captured by plurality of micro cameras 80are not obscured and/or no external battery is detected by batterydetector 82 (NO branches of 124 and 128), anti-skimming computing device72 may resume normal operation (130).

In response to the battery detector 82 detecting a presence of anexternal battery near the card reader component of anti-skimmingcomputing device 72 (YES branch of 128), computing device 72 determinesthat a skimming device is affixed over the card reader component of thecomputing device 72.

In response to the determination that the skimming device is affixedover the card reader component, a shutter on the card reader componentmay be closed over the card reader and/or a card slot (134). Closing theshutter may prevent a card from being inserted or swiped, and thereforemay prevent identifying information from being captured by a skimmingdevice affixed to anti-skimming computing device 72. The shutter mayremain closed until the skimming device is no longer detected, for apredetermined amount of time, or until anti-skimming computing device 72receives a message that the shutter can be opened.

Additionally, or alternatively, in response to the determination thatthe skimming device is affixed over the card reader component, displayunit 98 may present an “out of operation” message or the like on adisplay of anti-skimming computing device 72 (134). The message may beshown until the skimming device is no longer detected, for apredetermined amount of time, or until anti-skimming computing device 72receives a message that normal operation can be resumed, e.g., fromanti-skimming server 22.

Surveillance camera 78 of anti-skimming computing device 72 may beinitiated and configured to begin capturing images or a video (136).Surveillance camera 78 may attempt to capture the face of a bad actorwho may have affixed the skimming device, which may help determine theidentity of that person. Surveillance camera 78 may capture imagesand/or videos until the skimming device is no longer detected, for apredetermined amount of time, or until anti-skimming computing device 72receives a message that the capturing can be stopped.

Anti-skimming computing device 72 may also transmit a notification toanti-skimming server 22 regarding the potential skimming device (138).The notification may include an alert that a skimming device may bepresent over a card reader component of anti-skimming computing device72, one or more images captured by the plurality of micro cameras 80, animage, a video, or a live stream video from surveillance camera 78, orthe like.

Anti-skimming server 22 may receive the notification from anti-skimmingcomputing device 72 (140). Anti-skimming server 22 may then initiatesurrounding surveillance cameras, e.g., surveillance cameras in thevicinity of anti-skimming computing device 72, to operate in an attemptto help capture one or more images and/or videos of the bad actor, inaccordance with the aspects of the disclosure (142). In some examples,anti-skimming server 22 may directly initiate the surroundingsurveillance cameras. In other examples, anti-skimming server 22 maycommunicate with forensic analysis server 26 in order to initiate thesurrounding surveillance cameras.

Anti-skimming server 22 may also transmit some or all of the data andinformation received from anti-skimming computing device 72 and/or thesurrounding surveillance cameras to one or more additional servers(144). In some examples, the additional servers may be alert systemserver 28, forensic analysis server 26, and data analytics predictionserver 24. In some examples, the additional servers may performfunctions relating to the detection, prediction, and/or prevention ofskimming attacks. For example, alert system server 28 may alert anauthority of the skimming device affixed to anti-skimming computingdevice 12, forensic analysis server 26 may store data that may helpdetermine the identity of the bad actor responsible for affixing theskimming device to anti-skimming computing device 12, and data analyticsprediction server 24 may predict where a future skimming attack islikely to occur.

It is to be recognized that depending on the example, certain acts orevents of any of the techniques described herein can be performed in adifferent sequence, may be added, merged, or left out altogether (e.g.,not all described acts or events are necessary for the practice of thetechniques). Moreover, in certain examples, acts or events may beperformed concurrently, e.g., through multi-threaded processing,interrupt processing, or multiple processors, rather than sequentially.

In one or more examples, the functions described may be implemented inhardware, software, firmware, or any combination thereof. If implementedin software, the functions may be stored on or transmitted over acomputer-readable medium as one or more instructions or code, andexecuted by a hardware-based processing unit. Computer-readable mediamay include computer-readable storage media, which corresponds to atangible medium such as data storage media, or communication mediaincluding any medium that facilitates transfer of a computer programfrom one place to another, e.g., according to a communication protocol.In this manner, computer-readable media generally may correspond to (1)tangible computer-readable storage media which is non-transitory or (2)a communication medium such as a signal or carrier wave. Data storagemedia may be any available media that can be accessed by one or morecomputers or one or more processors to retrieve instructions, codeand/or data structures for implementation of the techniques described inthis disclosure. A computer program product may include acomputer-readable medium.

By way of example, and not limitation, such computer-readable storagemedia can comprise RAM, ROM, EEPROM, CD-ROM or other optical diskstorage, magnetic disk storage, or other magnetic storage devices, flashmemory, or any other medium that can be used to store desired programcode in the form of instructions or data structures and that can beaccessed by a computer. Also, any connection is properly termed acomputer-readable medium. For example, if instructions are transmittedfrom a website, server, or other remote source using a coaxial cable,fiber optic cable, twisted pair, digital subscriber line (DSL), orwireless technologies such as infrared, radio, and microwave, then thecoaxial cable, fiber optic cable, twisted pair, DSL, or wirelesstechnologies such as infrared, radio, and microwave are included in thedefinition of medium. It should be understood, however, thatcomputer-readable storage media and data storage media do not includeconnections, carrier waves, signals, or other transitory media, but areinstead directed to non-transitory, tangible storage media. Disk anddisc, as used herein, includes compact disc (CD), laser disc, opticaldisc, digital versatile disc (DVD), floppy disk and Blu-ray disc, wheredisks usually reproduce data magnetically, while discs reproduce dataoptically with lasers. Combinations of the above should also be includedwithin the scope of computer-readable media.

Instructions may be executed by one or more processors, such as one ormore digital signal processors (DSPs), general purpose microprocessors,application specific integrated circuits (ASICs), field programmablegate arrays (FPGAs), or other equivalent integrated or discrete logiccircuitry, as well as any combination of such components. Accordingly,the term “processor,” as used herein may refer to any of the foregoingstructures or any other structure suitable for implementation of thetechniques described herein. In addition, in some aspects, thefunctionality described herein may be provided within dedicated hardwareand/or software modules. Also, the techniques could be fully implementedin one or more circuits or logic elements.

The techniques of this disclosure may be implemented in a wide varietyof devices or apparatuses, including a wireless communication device orwireless handset, a mobile computing device, a microprocessor, anintegrated circuit (IC) or a set of ICs (e.g., a chip set). Variouscomponents, modules, or units are described in this disclosure toemphasize functional aspects of devices configured to perform thedisclosed techniques, but do not necessarily require realization bydifferent hardware units. Rather, as described above, various units maybe combined in a hardware unit or provided by a collection ofinteroperative hardware units, including one or more processors asdescribed above, in conjunction with suitable software and/or firmware.

Various examples have been described. These and other examples arewithin the scope of the following claims.

The invention claimed is:
 1. A computing device comprising: a cardreader component comprising a card reader; a plurality of micro cameraspositioned proximate to the card reader; a battery detector circuit; andprocessing circuitry in communication with the card reader component,the plurality of micro cameras, and the battery detector circuit,wherein the processing circuitry is configured to: analyze one or moreimages captured by the plurality of micro cameras; determine that one ormore of the images captured by the plurality of micro cameras isobscured; in response to the determination that the one or more of theimages of the plurality of micro cameras is obscured, initiate thebattery detector circuit, and in response to the battery detectorcircuit detecting a presence of an external battery near the cardreader, determine that a skimming device is affixed over the card readercomponent.
 2. The computing device of claim 1, wherein the card readercomponent further comprises a card slot and a card reader shutter, andwherein the processing circuitry is configured to, in response to thedetermination that the skimming device is affixed over the card readercomponent, close the card reader shutter over the card slot to preventtransactions using the card reader.
 3. The computing device of claim 1,further comprising a surveillance camera in communication with theprocessing circuitry, wherein the processing circuitry is configured to,in response to the determination that the skimming device is affixedover the card reader component, initiate the surveillance camera tocapture one or more images.
 4. The computing device of claim 1, furthercomprising one or more user interface devices including a display incommunication with the processing circuitry, wherein the processingcircuitry is configured to, in response to the determination that theskimming device is affixed over the card reader component: instruct thedisplay to present an out of operation message; and lock the one or moreuser interface devices of the computing device to prevent transactionsusing the card reader from occurring.
 5. The computing device of claim1, wherein the processing circuitry is configured to, in response to thedetermination that the skimming device is affixed over the card readercomponent, send a notification of the skimming device to one or moreservers via a network connection.
 6. The computing device of claim 1,wherein the battery detector circuit comprises a Hall Effect sensorconfigured to generate a voltage in response to a static magnetic fieldfrom a nearby direct current (DC) power source, and wherein the batterydetector circuit detects the presence of the external battery based on acomparison of the voltage to a threshold.
 7. The computing device ofclaim 1, wherein the plurality of micro cameras are located behind aprotective housing of the card reader component, wherein the protectivehousing includes a plurality of holes aligned with the plurality ofmicro cameras.
 8. The computing device of claim 1, further comprising adisplay in communication with the processing circuitry, wherein theprocessing circuitry: instructs the display to present an introductionuser interface to a user of the computing device; and in response toinput received from the user indicating a need to use the computingdevice, instructs the display to present an informational video aboutskimming devices to the user.
 9. A method comprising: analyzing, by acomputing device having a card reader component comprising a cardreader, one or more images captured by a plurality of micro cameraspositioned on the computing device proximate to the card reader;determining, by the computing device, that one or more of the imagescaptured by the plurality of micro cameras is obscured; in response tothe determination that the one or more of the images of the plurality ofmicro cameras is obscured, initiating a battery detector circuitincluded in the computing device; and in response to the batterydetector circuit detecting a presence of an external battery near thecard reader, determining that a skimming device is affixed over the cardreader component of the computing device.
 10. The method of claim 9,further comprising, in response to determining that the skimming deviceis affixed over the card reader component: closing a card reader shutterover a card slot of the card reader component to prevent transactionsusing the card reader.
 11. The method of claim 9, further comprising, inresponse to determining that the skimming device is affixed over thecard reader component: initiating a surveillance camera included in thecomputing device to capture one or more images.
 12. The method of claim9, further comprising, in response to determining that the skimmingdevice is affixed over the card reader component: presenting, on adisplay of the computing device, an out of operation message; andlocking one or more user interface devices of the computing device toprevent transactions using the card reader from occurring.
 13. Themethod of claim 9, further comprising, in response to determining thatthe skimming device is affixed over the card reader component: sending anotification of the skimming device to one or more servers incommunication with the computing device.
 14. The method of claim 9,wherein initiating the battery detector circuit included in thecomputing device comprises: initiating a Hall Effect sensor configuredto generate a voltage in response to a static magnetic field from anearby direct current (DC) power source; and detecting the presence ofthe external battery based on a comparison of the voltage to athreshold.
 15. The method of claim 9, further comprising: presenting, ona display of the computing device, an introduction user interface to auser of the computing device; and in response to input received from theuser indicating a need to use the computing device, presenting, on thedisplay, an informational video about skimming devices to the user. 16.The method of claim 9, wherein the one or more images comprise a firstset of images, the method further comprising: analyzing a second set ofimages captured by the plurality of micro cameras; determining that noneof the images of the first set of images are obscured based on thesecond set of images; and in response to the determination that none ofthe images of the first set of images are obscured, resuming normaloperation of the computing device.
 17. The method of claim 9, whereinthe one or more images comprise a first set of images, the methodfurther comprising: analyzing a second set of images captured by theplurality of micro cameras; determining that one or more of the imagesof the first set of images is obscured based on the second set ofimages; in response to the determination that the one or more of theimages of the first set of images is obscured, initiating the batterydetector circuit; and in response to the battery detector circuitdetecting no external battery near the card reader, resuming normaloperation of the computing device.
 18. The method of claim 9, furthercomprising detecting, by the battery detector circuit of the computingdevice, the presence of the external battery near the card reader for apredetermined amount of time.
 19. A system comprising: a computingdevice comprising a card reader component including a card reader, aplurality of micro cameras positioned proximate to the card reader, anda battery detector circuit, wherein the computing device is configuredto, in response to a determination that one or more images captured bythe plurality of micro cameras is obscured, initiate the batterydetector circuit, and, in response to the battery detector circuitdetecting a presence of an external battery near the card reader,determine that a skimming device is affixed over the card readercomponent; and a server device in communication with the computingdevice and configured to: receive, from the computing device, anotification that the skimming device is affixed over the card readercomponent of the computing device; and in response to the notification,send instructions to one or more support servers to initiate a pluralityof surveillance cameras located in a surrounding area of the computingdevice, and send instructions to the computing device to enact one ormore security measures to prevent transactions using the card readercomponent of the computing device.
 20. The system of claim 19, wherein,to send instructions to the computing device to enact the one or moresecurity measures, the server device is further configured to sendinstructions to at least one of: close a card reader shutter over a cardslot of the card reader component of the computing device to preventtransactions using the card reader component; initiate a surveillancecamera included in the computing device to capture one or more images;or present, on a display of the computing device, an out of operationmessage.